Agent Permission

You can set fine-grained permission controls for the agent to meet business needs.

Target Type

Set the type of target user for permission control:

• User: Set permissions for an individual user.
• User Group: Set permissions for a user group.

Select Target

Specify the target user to be authorized.

• When the object type is set to User, you must add the authorized user by entering their full User ID, Login ID, or Unified Identity Authentication ID.
• When the object type is set to User Group, you can add the corresponding group from the dropdown list of user groups (you can only see user groups that you created or those that are public).

Permission Type

Set the type of authorization:

• Allow: Allow the selected user and permission.
• Deny: Deny the selected user and permission.

⚠️ Note: According to the principle of least privilege, deny always takes precedence. This means if a user is allowed a permission in one group but denied the same permission in another, the user will ultimately not have that permission.

Permissions

Set specific user permissions here:

• Read: The user can view the agent's workflow and run debug sessions.
• Write: The user can view and edit the agent’s workflow, settings, etc.
• Delete: The user can view, edit, and delete the agent.
• Customer Service: The user can take over the conversation with end users in the current session.

⚠️ Note: Delete includes Write permissions, and Write includes Read permissions.